This application relates generally to authentication. More specifically, the disclosure provided herein relates to using a quantified approach to provide scored factor-based authentication.
Because of the proliferation of computing devices throughout almost every aspect of daily life, an increasing number of people use computing devices on a daily basis. The use of computing devices has pervaded almost every aspect of daily life, and the increasing sophistication and popularity of smartphones and/or other portable devices has ensured that a large percentage of human beings in the world have the ability to interact with remote computing systems on an almost constant as-desired basis.
While the proliferation of computing access has created an enormous amount of opportunity, the need to identify users and/or their devices has become extremely important. For example, while only five years ago the average person went to a brick-and-mortar financial institution to conduct any sort of financial transaction, many smartphone users today are able to deposit checks, transfer funds, and/or make payments via a smartphone without ever entering into a bank or similar location. Similarly, many modern smartphone users today are able to execute securities trades over the internet from a smartphone, activities that until recently may never have even been contemplated.
To allow mobile users to undertake these complex and security-intense transactions, various authentication approaches have been used. Most of these approaches are based upon categories of authentication factors such as information known by only the real user, information possessed by only the real user, and/or something inherent to only the real user. Sometimes, authentication approaches combine factors to provide multi-factor authentication. While these approaches provide some level of security, many of the relied-upon factors do not provide nonrepudiation to a degree at which the authenticating system can be somewhat sure that the entity providing the information cannot dispute the authenticity of the communication via which the information was provided.
While the layering and/or combination of factors into various authentication schemes may be helpful in some embodiments, these factors may be chosen based upon the ability or ease with which the average user can respond. The combinations may or may not provide a heightened level of nonrepudiation, and as such, may provide limited benefit when compared to the traditional single-factor authentication techniques described above.